BIND DNS vulnerabilities (CVE-2006-0987, ...

FortiADC

FortiADC enhances the scalability, performance, and security of your applications whether they are hosted on premises or in the cloud.

Article Id 340864

Description

This article describes that Scanning tools report CVE-2006-0987 and CVE-1999-0024 vulnerabilities in FortiADC.

Scope

FortiADC.

Solution

Scanning tools have detected the following vulnerabilities:

CVE-1999-0024: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0024
CVE-1999-0024: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987

This behavior can be fixed disabling recursive feautre in 'global-dns-server general' or 'global-dns-server policy'.

config global-dns-server general
set recursion-status disable
set listen-on-all-interface enable
end

config global-dns-server policy
edit "DEFAULT_DNS_POLICY"
set source-address any
set destination-address any
set zone-list fqdn_generate_domain.lab. fqdn_generate_fortinet-tac.lab. .......
set recursion-status disable
next
end

Apply the DNS-Server-Policy into each Zone:
PSIRT Note: Vulnerability Scanner false positive FortiOS ISC BIND DNS vulnerabilities false alarm

479

Contributors

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Technical Tip: BIND DNS vulnerabilities (CVE-2006-0987, CVE-1999-0024)

You are leaving our website